Data at Rest Encryption Reference Architecture

Encrypting Data at Rest - Deploying Ranger KMS with database

The following diagram illustrates product component functional relationships:

The Ranger KMS database is an external database.

For the Navigator Encrypt to Ranger KMS link, Kerberos authentication is mandatory. TLS is highly recommended.

Cloudera Manager supports multiple Ranger KMS instances, scaled horizontally, which provides High Availability.

For more details on Ranger KMS, see Ranger KMS.